After over a decade of use, Software as a Service (SaaS) is really hitting the mainstream, with organisations increasingly considering SaaS solutions for core applications, including ERP and Financials.
The shift towards cloud computing and SaaS has prompted a huge increase in data centre providers and most SaaS vendors will leverage third party data centre resources to store clients’ data since it is the most cost effective approach. However, the difference between these organisations can be significant, not only in areas of performance and resilience but also security. To ensure the long-term safety of key financial data, organisations need to look at a variety of issues from location to physical security and compliance with standards.
Here are five questions you need to ask your Data Centre Provider before trusting financial data to the cloud:
- Data Location: Organisations are understandably concerned about where data is located. With cloud data storage by its very nature based anywhere in the world and some government legislation – specifically the US – permitting access to data on demand, is is vitally important for organisations to check where data is stored.
- Data Security: It is also important to assess the quality of security being deployed at the data centre. Check out the physical security employed on site and whether the data centre conforms to the European standard for data centres.
- Data Centre Processes: With Internet risks evolving on a daily basis, companies need to ascertain the quality of real time monitoring tools and intrusion detection techniques. They also need to check the robustness of back-up and failover solutions to ensure no data loss and guarantee the promised 24×7 access to information.
- Legal Requirements: The essence of the SaaS model is total flexibility, allowing companies to easily move between suppliers. But what happens to the data if the company unsubscribes from the service to move to a different vendor? With a legal requirement to retain financial information for at least seven years, it is essential to ensure the data centre has a process in place to comply with data compliance requirements and to find out exactly how that information will be accessed as and when required.
- Secondary Site: What is the data centre’s provision for disaster recovery (DR)? Many London-based data centres are having to consider the risks associated with the Olympics and Golden Jubiliee, but any data centre needs to have good DR in place to ensure continuous availability and safeguard data in the event of a problem at the primary site. Are the processes in place at the secondary site also robust?
UK Country Manager Twinfield